a47db2156d952cb5bd2896d42ce4cee7f7d344ef9dfbfc7c2c56e47ec30327d2

Sharing

Copy URL Twitter E-mail

General

Target

a47db2156d952cb5bd2896d42ce4cee7f7d344ef9dfbfc7c2c56e47ec30327d2
Size

3.4MB
MD5

a636f890b45a4abeca9b1f7f94a6c496
SHA1

e5129e403cca312b5a8de3b930b9894e48d3f853
SHA256

a47db2156d952cb5bd2896d42ce4cee7f7d344ef9dfbfc7c2c56e47ec30327d2
SHA512

eb7a94051591beea2e1b456c0077eb2b5dccfd88953c134a559735a5f1b151a347a88c2f3b99e538048b3acd85d5c772a122c834b8f75bf898995cbc1f26a6f2
SSDEEP

49152:YJTo2c/Nxdb2rpMdqio9iaPkoPTHKmGHYAbEsJ0aEGFD1NeUERvTKjlVYk:UML/NpdqioI8H/GHPoWTL

Score

N/A

Malware Config

Signatures

Files

a47db2156d952cb5bd2896d42ce4cee7f7d344ef9dfbfc7c2c56e47ec30327d2
.dll windows x86

549aab14b72be073e21f9e1306c0ac5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAAddressToStringW
getpeername
WSAGetLastError
WSAIoctl
htons
socket
inet_addr
WSAStartup
listen
closesocket
bind
accept
select
__WSAFDIsSet
sendto
recv
connect
send
gethostbyname
inet_ntoa
WSACloseEvent
WSAResetEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
WSARecvFrom
WSASendTo
ntohs
WSAStringToAddressW
WSAGetOverlappedResult
shutdown
gethostname
recvfrom
freeaddrinfo
getaddrinfo
ioctlsocket
htonl
WSACleanup
WSASetLastError
setsockopt
getsockopt
getsockname

kernel32

GetCurrentProcessId
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
CreateMutexW
DisableThreadLibraryCalls
GetModuleHandleW
OpenMutexW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
VerifyVersionInfoW
QueryPerformanceCounter
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableA
SetLastError
FormatMessageA
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
SetFilePointer
WriteFile
OutputDebugStringA
InitializeCriticalSection
GetSystemTime
SystemTimeToFileTime
GetCurrentThreadId
GetModuleHandleA
FindClose
FindNextFileA
LoadLibraryA
GlobalMemoryStatus
FlushConsoleInputBuffer
HeapAlloc
GetProcessHeap
HeapFree
InitializeCriticalSectionAndSpinCount
HeapCreate
HeapDestroy
HeapSize
HeapReAlloc
PostQueuedCompletionStatus
LocalFree
CreateFileW
GetQueuedCompletionStatus
DecodePointer
SwitchToThread
CreateIoCompletionPort
MapViewOfFileEx
GetNativeSystemInfo
CreateSemaphoreW
ReleaseSemaphore
GetLogicalDriveStringsW
QueryDosDeviceW
GetCurrentProcess
OpenProcess
GetWindowsDirectoryW
TerminateProcess
CreateProcessW
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateDirectoryW
FindFirstFileW
FindNextFileW
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
OpenFileMappingW
FreeResource
LoadResource
SizeofResource
FindResourceW
GetCurrentDirectoryW
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
DeleteFileW
DeviceIoControl
GetLastError
GetLocalTime
ResetEvent
CloseHandle
SetEvent
Sleep
CreateEventW
WaitForSingleObject
SetUnhandledExceptionFilter
EncodePointer
TlsAlloc
TlsGetValue
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
OutputDebugStringW
LoadLibraryExW
InterlockedFlushSList
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
SetFilePointerEx
ExitProcess
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetModuleFileNameA
ReadConsoleW
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
GetFullPathNameW
SetStdHandle
GetTimeZoneInformation
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetFileAttributesExW
WriteConsoleW
RaiseException
SetEndOfFile
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjectsEx
wsprintfW
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
PeekMessageW
MessageBoxW
CharUpperBuffW

advapi32

StartServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
BuildTrusteeWithSidW

shell32

ShellExecuteExW

fwpuclnt

FwpmFilterAdd0
FwpmCalloutAdd0
FwpmTransactionAbort0
FwpmGetAppIdFromFileName0
FwpmProviderAdd0
FwpmTransactionCommit0
FwpmSubLayerAdd0
FwpmEngineOpen0
FwpmFilterSetSecurityInfoByKey0
FwpmTransactionBegin0
FwpmEngineClose0

winmm

timeGetTime

wldap32

ord41
ord208
ord142
ord79
ord301
ord117
ord167
ord216
ord14
ord46
ord219
ord145
ord26
ord127
ord133
ord147
ord27

shlwapi

StrPBrkW
StrChrW

iphlpapi

GetAdaptersInfo

userenv

ExpandEnvironmentStringsForUserW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

crypt32

CertAddCertificateContextToStore
CertCreateCertificateContext
CryptStringToBinaryA
CertOpenStore

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

$:P�x��v�C��5f4�){�@K��B]��"%�6�\�[��k?gdf� \h�K��O��x��i2��8�=HG�+-��2= @9��`^��H�;�� ſhT��DiHF��]��g�K�|/E��Kӊm/�)��s�z��˴D�t��"Օ��AIrFj� ^�d��g,��KI��1Q4T�H��3\UJ!��1��z��z�.B� =�t�� #_�vqN>W��Aih��ry�I��S��*j��*�Ƚ6�ɏ��]^Rl�F߃��|��$v/��r�+��WW�^�� w��fi�)�֞��-��%��"30��rnE�� 4b� ��m��9��y�h%��FgY 1�o�*e�m��\i]�)��ȳ��A��v��&�(Z�`��<[ ��lؼ8FD��s�<S��l�� Ũ%RO:��f��ې 0�!��"�Ip�C�-�Z�C��:��9~1�ԶMY��r��6��/Q��*�5^i~��:�8�Q��N,p��7��]��|�5?N�<?JQϯ��cv�6��dk��=K��CR��Eq�ɿtHߛ�n�M��(n�y@9f��6j��ґU # ��aM��ѮM��-��C��`��Y-7qg��Yp�*��鋇��;��Śn�:�M]��h�6QK�Š��o�*��&�4�7�N�8n��[JA/��i `��1��E|x&�}�&��YrDy�x�JC��@��(�F�N�KN(��?��\� �,=��-z�dny4�pQI�*՛2< d�fw&��x�:��Ã�l+j�ќu��1� �X�� HB0s&W�$�-�C��_�a��B��X�,1aOx��9��S�c��<�k��S��)s��A��|��`��>��ƭ$g�T�_C��B�eS��񁟦�.�4�(!;:��7�,�/8a��?Α'�E��'��!��b�y}�M ��\�Yş�w�W�Es^��?�Ϋw9-��<VW�a�{��t�Z ��z�v��|�;�HW!*N;v\VQ�f�ܐa��p��{��R��%��%�Gx�߹��=a'U4C-�#�Ծ��gm��I�g �z�CLB��b�%}��`$��YF�� 0��w�I>e�-��;�&�d�;��WB*�Y��ހ�X��W<��8��ָ��73@��`�T�^��Y*��2�ۈ&S�*��hg��N��Xz, ��o��*l��u4}��:aN�N��A�y�1N'�Bt�X<��8TP�z��)��dV2�Y��'k�)~�c��1d�Jj�my��/��H��te��v��j��nL"Oۙ��/�1p NR�z� ��9��QR/i�1�S�O�V0��R�2��q]:%1�~��(��S*]\>��Jv�w�o#��g�<��N�ff!� SD�H[��9�}�I]��1��xB��f��B��8�M�a[�n��H��ľ�}F��.G�G��O14�rX e$i�j�NN�EhN{i%`�k|W��/7��u�:4�K8Գ��]��6SA$� JM/�u`��:��ʴ8ZrވaB�`��5��+9!��E��l<��,�-�8<��m�d�߷��,dV[Ё�q~��L� -ef�X�J�[�6��+��/�P�}�m��zS��Z��,�*FZ3+�}K-��Q�{�к�q��%mg��`^��8$L�l�Bo��i��x��V��8��eaAwyK~b��.�[�n�5�DU[X��9[0��Q��q�N�f��!�ZT��<��FV�M�~c;\�g5w @��j��)��^��`v,A ��y�d�� Ւ��E�C]!\�=:�R�"��_� R?�m�Z��5Ɩ�X��h`��.��#$�vS��DNu]P��~.��W�%� .�P�خ��,V-�c,H��'JX璙�9%�+1��-��S�MN(h��kE~�=۠�s٥�4l��L�/en�u��ka�j��U䙏zi/�r섈I��Kpܵ��Ь@�P5F��7-�Q��g��2>sJ��؛r8��(�O ��+�+��_x!u��Z��e/Q�HNؙ,��(�.�&��ڋ��ix�84j�L��OD/�h4:/fQ_h�+j'3U9 C��{&JH�`{�o�ʟf�܁��!�e��2k�3Z��W�B��S��tkeP_ٌ�GE ��M�Q(6��c�qP�a[a6��,��p�U}�<Aޝ�P�Z�_ŏ�c=)��8zg�6v]q?ϝy��ϋ��K-��8E/,+K�!��#6��Y��N�V��B7��V��.�=a �Bu��.�m�A��XЏސ�ڌ�m�`�*��|�Y-�`4��1}5Ģ��eo�Gzr��v|�G�w��艹�p��"zx4�딌C��P�-�.��^Q�ѧtBI\�&�v��L/��FV�.�[NK~Q��q��9�zR�� (Ո�2��w��c�n��G�ü��9�ؔ�h��v��jELN*M?�E�c�=�p�^�mn�B��{��փA#0oT��&H��3�b��F�%=ogedwڡ��{��y8p:3�l��"PWe�@7��6HN}�o��@��7�E��젼��Wr=Aa�E��&1!x�ʬ��T��[��P%�m��FG�Xw��ϙ��`jv�/ל�?=��t�>�)��x��R'YQa��]��o��r�e�F~DP��h �~�1]`�v�B�l��(��`��-��S�V�v�\")� }7&H�9ڬA1g��r0V��N.�1R�

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 866KB - Virtual size: 865KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

549aab14b72be073e21f9e1306c0ac5f

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

fwpuclnt

winmm

wldap32

shlwapi

iphlpapi

userenv

psapi

crypt32

version

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 389KB - Virtual size: 389KB

.data Size: 46KB - Virtual size: 58KB

.gfids Size: 512B - Virtual size: 432B

.tls Size: 512B - Virtual size: 9B

.vmp0 Size: 866KB - Virtual size: 865KB

.vmp1 Size: 76KB - Virtual size: 75KB

.reloc Size: 70KB - Virtual size: 70KB

.rsrc Size: 608KB - Virtual size: 607KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 389KB - Virtual size: 389KB

.data
Size: 46KB - Virtual size: 58KB

.gfids
Size: 512B - Virtual size: 432B

.tls
Size: 512B - Virtual size: 9B

.vmp0
Size: 866KB - Virtual size: 865KB

.vmp1
Size: 76KB - Virtual size: 75KB

.reloc
Size: 70KB - Virtual size: 70KB

.rsrc
Size: 608KB - Virtual size: 607KB